- up to 4.9.183

[packages/kernel.git] / kernel-apparmor.patch

diff --git a/kernel-apparmor.patch b/kernel-apparmor.patch
index 2330b2a2d5dda5d2424668f57504108af3fff828..9c0b815a6b50e354f3a18976f57741e2e08f7d3e 100644 (file)
--- a/kernel-apparmor.patch
+++ b/kernel-apparmor.patch
@@ -1566,43 +1566,4 @@ index 0000000..9cf9170
 +      return error;
 +}
 
-commit 29fb087c5df8bb8ac354ab58d33c43e68270123b
-Author: John Johansen <john.johansen@canonical.com>
-Date:   Wed Aug 31 21:10:06 2016 -0700
-
-    apparmor: fix change_hat not finding hat after policy replacement
-    
-    After a policy replacement, the task cred may be out of date and need
-    to be updated. However change_hat is using the stale profiles from
-    the out of date cred resulting in either: a stale profile being applied
-    or, incorrect failure when searching for a hat profile as it has been
-    migrated to the new parent profile.
-    
-    Fixes: 01e2b670aa898a39259bc85c78e3d74820f4d3b6 (failure to find hat)
-    Fixes: 898127c34ec03291c86f4ff3856d79e9e18952bc (stale policy being applied)
-    Signed-off-by: John Johansen <john.johansen@canonical.com>
 
-diff --git a/security/apparmor/domain.c b/security/apparmor/domain.c
-index f2a83b4..dbd68f2 100644
---- a/security/apparmor/domain.c
-+++ b/security/apparmor/domain.c
-@@ -621,8 +621,8 @@ int aa_change_hat(const char *hats[], int count, u64 token, bool permtest)
-       /* released below */
-       cred = get_current_cred();
-       cxt = cred_cxt(cred);
--      profile = aa_cred_profile(cred);
--      previous_profile = cxt->previous;
-+      profile = aa_get_newest_profile(aa_cred_profile(cred));
-+      previous_profile = aa_get_newest_profile(cxt->previous);
- 
-       if (unconfined(profile)) {
-               info = "unconfined";
-@@ -718,6 +718,8 @@ audit:
- out:
-       aa_put_profile(hat);
-       kfree(name);
-+      aa_put_profile(profile);
-+      aa_put_profile(previous_profile);
-       put_cred(cred);
- 
-       return error;